[lxc-users] container root unable to setcap in container

Michael Johnson johnson at cognitech-ut.com
Fri Mar 9 10:09:05 UTC 2018


Hi All!

I have noticed that a container's root user is unable to modify the
capabilities of a root-owned file in the container.

For example:
setcap cap_net_raw=ep /bin/ping
returns:
Failed to set capabilities on file `ping' (Operation not permitted)

It is possible to set this capability as root from the host, operating
on the container's file.

Can someone please explain this behavior? What am I doing wrong? When is
root in the container not root in the container?

This is on Gentoo. Have I overlooked an obscure kernel config?

Thanks!
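A quick way to see why setcap is refused, added here as a diagnostic and not part of the original post: setcap(8) needs CAP_SETFCAP (capability number 31) in the calling process, and a container's root typically runs with a reduced bounding set and, in unprivileged containers, inside a child user namespace, where writing file capabilities needs Linux 4.14 or later. The script reads the masks from /proc/self/status and the mapping from /proc/self/uid_map as documented in proc(5); the function names are my own.

```shell
#!/bin/sh
# Added diagnostic, not from the original post: check whether this process
# can write file capabilities at all. The kernel requires CAP_SETFCAP
# (capability number 31 in <linux/capability.h>) in the caller; LXC usually
# drops capabilities from the container's bounding set, and unprivileged
# containers run in a user namespace, where file capabilities need Linux 4.14+.
CAP_SETFCAP=31

# has_cap HEXMASK CAPNUM: succeeds if bit CAPNUM is set in a /proc-style
# 64-bit hex capability mask (e.g. 0000003fffffffff).
has_cap() {
    mask=$1; cap=$2
    while [ ${#mask} -lt 16 ]; do mask=0$mask; done   # pad to 16 hex digits
    hi=${mask%????????}                                # upper 32 bits
    lo=${mask#????????}                                # lower 32 bits
    if [ "$cap" -ge 32 ]; then word=$hi; bit=$((cap - 32)); else word=$lo; bit=$cap; fi
    [ $(( (0x$word >> bit) & 1 )) -eq 1 ]
}

# cap_mask SETNAME: print the hex mask for CapEff, CapPrm, CapBnd, ... of this shell.
cap_mask() {
    awk -v k="$1:" '$1 == k { print $2 }' /proc/self/status
}

# check_setfcap: report, from the caller's own point of view, why setcap(8)
# would fail. Returns 0 if CAP_SETFCAP is usable, 1 otherwise.
check_setfcap() {
    ok=0
    for set in CapEff CapBnd; do
        if has_cap "$(cap_mask "$set")" "$CAP_SETFCAP"; then
            echo "$set: CAP_SETFCAP present"
        else
            echo "$set: CAP_SETFCAP missing (setcap will get EPERM)"; ok=1
        fi
    done
    # In the initial user namespace /proc/self/uid_map reads "0 0 4294967295";
    # anything else means a child user namespace (unprivileged container).
    if [ "$(awk '{print $1, $2, $3}' /proc/self/uid_map)" = "0 0 4294967295" ]; then
        echo "user namespace: initial"
    else
        echo "user namespace: child (needs Linux >= 4.14 for file capabilities)"
    fi
    return $ok
}

if [ -r /proc/self/status ]; then check_setfcap; fi
```

Run it inside the container as the same root user that ran setcap; a missing bit in CapBnd cannot be regained from inside the container and has to be granted in the LXC configuration on the host.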
